View on MITRE ATT&CK

T1074.001 - Local Data Staging

Sub-technique
Tattiche:
Collection
Piattaforme:
ESXi Linux macOS Windows
Rilevamento:
Not specified
Description:
Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as [Archive Collected Data](https://attack.mitre.org/techniques/T1560). Interactive command shells may be used, and common functionality within [cmd](https://attack.mitre.org/software/S0106) and bash may be used to copy data into a staging location.

Adversaries may also stage collected data in various available formats/locations of a system, including local storage databases/repositories or the Windows Registry.(Citation: Prevailion DarkWatchman 2021)
Usato da Attori (20)
APT3
Nation-state
APT28
Nation-state
Lazarus Group
Nation-state
APT5
Unknown
Kimsuky
Nation-state
MuddyWater
Nation-state
MUSTANG PANDA
Nation-state
INDRIK SPIDER
Unknown
WIZARD SPIDER
Nation-state
APT39
Unknown
FIN5
Unknown
GALLIUM
Unknown
TeamTNT
Unknown
BackdoorDiplomacy
Unknown
FIN13
Unknown
Volt Typhoon
Unknown
UNC3886
Unknown
Dragonfly
Unknown
Patchwork
Unknown
Leviathan
Unknown
Malware (20)
Exaramel for Windows other NOKKI other KOPILUWAK other VersaMem other PAKLOG other Ursnif other FrameworkPOS other InvisibleFerret other RainyDay other AppleSeed other NETWIRE other Turian other Machete other PowerLess other Prikormka other Mafalda other AuTo Stealer other SombRAT other FLASHFLOOD other LoFiSe other
Metadata
MITRE ID: T1074.001
STIX ID: attack-pattern--1c34f7aa-9341-...
Piattaforme: ESXi, Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00